lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <2025072809-pursuit-hardwired-d894@gregkh>
Date: Mon, 28 Jul 2025 07:20:44 +0200
From: Greg KH <gregkh@...uxfoundation.org>
To: Suchit K <suchitkarunakaran@...il.com>
Cc: masahiroy@...nel.org, nicolas.schier@...ux.dev,
	linux-kbuild@...r.kernel.org, skhan@...uxfoundation.org,
	linux-kernel-mentees@...ts.linux.dev, linux-kernel@...r.kernel.org
Subject: Re: [PATCH v3] kconfig/lxdialog: replace strcpy() with strncpy() in
 inputbox.c

On Mon, Jul 28, 2025 at 10:18:35AM +0530, Suchit K wrote:
> On Mon, 28 Jul 2025 at 09:59, Greg KH <gregkh@...uxfoundation.org> wrote:
> >
> > On Sun, Jul 27, 2025 at 10:14:33PM +0530, Suchit Karunakaran wrote:
> > > strcpy() performs no bounds checking and can lead to buffer overflows if
> > > the input string exceeds the destination buffer size. This patch replaces
> > > it with strncpy(), and null terminates the input string.
> > >
> > > Signed-off-by: Suchit Karunakaran <suchitkarunakaran@...il.com>
> > > ---
> > >  scripts/kconfig/lxdialog/inputbox.c | 6 ++++--
> > >  1 file changed, 4 insertions(+), 2 deletions(-)
> > >
> > > diff --git a/scripts/kconfig/lxdialog/inputbox.c b/scripts/kconfig/lxdialog/inputbox.c
> > > index 3c6e24b20f5b..5e4a131724f2 100644
> > > --- a/scripts/kconfig/lxdialog/inputbox.c
> > > +++ b/scripts/kconfig/lxdialog/inputbox.c
> > > @@ -39,8 +39,10 @@ int dialog_inputbox(const char *title, const char *prompt, int height, int width
> > >
> > >       if (!init)
> > >               instr[0] = '\0';
> > > -     else
> > > -             strcpy(instr, init);
> > > +     else {
> > > +             strncpy(instr, init, sizeof(dialog_input_result) - 1);
> > > +             instr[sizeof(dialog_input_result) - 1] = '\0';
> >
> > As this is a userspace tool, why is this change needed at all?  How can
> > this overflow and if it does, what happens?
> >
> 
> Hi Greg. The primary motivation for this patch was the deprecation of
> strcpy(). Additionally, I believed there was a possibility of a buffer
> overflow if the initial string accidentally exceeded the length of
> instr, although the chances might be low.

Is strcpy() being deprecated in userspace?  I think it's a core part of
the C language specification :)

Again, how can that buffer be "too large"?

thanks,

greg k-h

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ